From 03d23bfde7a541ac2588007e4b5bf474c509a867 Mon Sep 17 00:00:00 2001 From: Dalton Hubble Date: Sun, 11 Feb 2018 10:19:09 -0800 Subject: [PATCH] addons: Remove Kubernetes Dashboard manifests and docs * Stop maintaining Kubernetes Dashboard manifests. Dashboard takes an unusual approach to security and is often a security weak point. * Recommendation: Use `kubectl` and avoid using the dashboard. If you must use the dashboard, explore hardening and consider using an authenticating proxy rather than the dashboard's auth features --- CHANGES.md | 1 + addons/dashboard/deployment.yaml | 32 -------------------------------- addons/dashboard/service.yaml | 15 --------------- docs/addons/dashboard.md | 27 --------------------------- docs/addons/overview.md | 1 - mkdocs.yml | 1 - 6 files changed, 1 insertion(+), 76 deletions(-) delete mode 100644 addons/dashboard/deployment.yaml delete mode 100644 addons/dashboard/service.yaml delete mode 100644 docs/addons/dashboard.md diff --git a/CHANGES.md b/CHANGES.md index 1aef4330..b55d4c30 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -24,6 +24,7 @@ Notable changes between versions. * Update nginx-ingress from 0.9.0 to 0.10.2 * Update CLUO from v0.5.0 to v0.6.0 * Switch manifests to use `apps/v1` Deployments and Daemonsets +* Remove Kubernetes Dashboard manifests ([#121](https://github.com/poseidon/typhoon/pull/121)) #### Digital Ocean diff --git a/addons/dashboard/deployment.yaml b/addons/dashboard/deployment.yaml deleted file mode 100644 index 3991836f..00000000 --- a/addons/dashboard/deployment.yaml +++ /dev/null 
@@ -1,32 +0,0 @@
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
- name: kubernetes-dashboard
- namespace: kube-system
-spec:
- replicas: 1
- template:
- metadata:
- labels:
- name: kubernetes-dashboard
- phase: prod
- spec:
- containers:
- - name: kubernetes-dashboard
- image: gcr.io/google_containers/kubernetes-dashboard-amd64:v1.6.1
- ports:
- - name: http
- containerPort: 9090
- resources:
- limits:
- cpu: 100m
- memory: 300Mi
- requests:
- cpu: 100m
- memory: 100Mi
- livenessProbe:
- httpGet:
- path: /
- port: 9090
- initialDelaySeconds: 30
- timeoutSeconds: 30
diff --git a/addons/dashboard/service.yaml b/addons/dashboard/service.yaml
deleted file mode 100644
index 9d8a2bfb..00000000
--- a/addons/dashboard/service.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: kubernetes-dashboard
- namespace: kube-system
-spec:
- type: ClusterIP
- selector:
- name: kubernetes-dashboard
- phase: prod
- ports:
- - name: http
- protocol: TCP
- port: 80
- targetPort: 9090
diff --git a/docs/addons/dashboard.md b/docs/addons/dashboard.md
deleted file mode 100644
index 3e57972d..00000000
--- a/docs/addons/dashboard.md
+++ /dev/null
@@ -1,27 +0,0 @@ -# Kubernetes Dashboard - -!!! warning - The Kubernetes Dashboard takes [unusual approaches](https://github.com/kubernetes/dashboard/wiki/Access-control#authorization-header) to security and is often a point of security escalations. We recommend you do don't deploy it and get familiar with `kubectl`, if possible. - -The Kubernetes [Dashboard](https://github.com/kubernetes/dashboard) provides a web UI to manage a Kubernetes cluster for those who prefer an alternative to `kubectl`. - -## Create - -Create the dashboard deployment and service. - -``` -kubectl apply -f addons/dashboard -R -``` - -## Access - -Use `kubectl` to authenticate to the apiserver and create a local port forward to the remote port on the dashboard pod. - -```sh -kubectl get pods -n kube-system -kubectl port-forward POD [LOCAL_PORT:]REMOTE_PORT -kubectl port-forward kubernetes-dashboard-id 9090 -n kube-system -``` - -!!! tip - If you'd like to expose the Dashboard via Ingress and add authentication, use a suitable OAuth2 proxy sidecar and pick your favorite OAuth2 provider. diff --git a/docs/addons/overview.md b/docs/addons/overview.md index 8cd4be3d..9c57b149 100644 --- a/docs/addons/overview.md +++ b/docs/addons/overview.md @@ -7,5 +7,4 @@ Every Typhoon cluster is verified to work well with several post-install addons. * [Heapster](heapster.md) * [Prometheus](prometheus.md) * [Grafana](grafana.md) -* Kubernetes [Dashboard](dashboard.md) diff --git a/mkdocs.yml b/mkdocs.yml index 51f2c644..119978f3 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -51,7 +51,6 @@ pages: - 'Nginx Ingress': 'addons/ingress.md' - 'Prometheus': 'addons/prometheus.md' - 'Grafana': 'addons/grafana.md' - - 'Dashboard': 'addons/dashboard.md' - 'Topics': - 'Maintenance': 'topics/maintenance.md' - 'Hardware': 'topics/hardware.md'